Every business owner has a general sense of the importance of protecting confidential information, and most try to implement safeguards that prevent data from falling into the wrong hands. But it’s equally important to understand the privacy protection laws that affect your company. In a world where compliance is the only option, knowing the federal, provincial and sector-related laws that apply to your organization can help you refine and streamline practices to ensure privacy protection is maintained at all times.
Canadian privacy laws
There are two federal privacy laws in Canada. The most widely known of the two is PIPEDA or the Personal Information Protection of Electronic Documents Act, which is specific to private sector businesses. The other is the Federal Privacy Act which regulates how the federal government collects, uses and discloses personal information. Both laws contain sections specific to unauthorized disclosure of personal information.
PIPEDA legislation is most likely to impact your business. This law gives individuals the right to expect an organization to take appropriate security measures to protect their personal information. “Personal information” in this instance includes the following individually-identifiable data:
- name, age and ID numbers
- income, ethnic origin and blood type
- credit, loan and medical records
Individuals may complain to the Office of the Privacy Commissioners of Canada (OPC) if they feel their personal information has been breached. While the OPC can only offer recommendation to organizations following an investigation, not levy fines or sanctions, individuals can bring a complaint to the Federal Court of Canada where damages may be awarded to the complainant.
Québec privacy law
Our province also has its own privacy law: An Act Respecting the Protection of Personal Information in the Private Sector, also known as the Private Sector Act. While Québec’s provincial act has been deemed substantially similar to PIPEDA, private sector organizations operating within Québec are required to adhere to the Private Sector Act. As such, any private sector business in possession of personal information has an obligation to prevent unauthorized access to that data.
Ensuring privacy legislation compliance
PIPEDA and the Private Sector Act both require businesses to take reasonable measures to safeguard personal information in their custody. Therefore, it is crucial that your organization have in place policies and procedures that minimize privacy breach risks. Safeguards may include:
- utilizing secure areas to store and retain documents
- employing services that ensure timely and complete destruction of paper files
- maintaining protocols for maintaining business continuity
- ensuring physical protection of paper and electronic records from disaster
Often the implementation of safeguards can be achieved in a more cost-effective manner and with fewer burdens to administrative staff by engaging a trusted, local records and information management supplier.
Docu-Dépôt provides records and information management solutions to businesses throughout Montréal and Québec. To find out more, please contact us by phone or complete the form on this page.
HOURS OF OPERATION
Open to the public during the following hours:
Mon-Fri from 8:00-17:00
After 17:00 Dial (514) 271-3223 ext 299 and leave a message. We will contact you within 5 minutes.
© Copyright 2020 Docu-Dépôt. All Rights Reserved.